From 61152e7d9433c868a39be2c9e79a21dae60c0f33 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sun, 3 Apr 2016 11:45:02 +0100 Subject: krb5_sspi: Only process challenge when present This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code. --- lib/vauth/krb5_sspi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c index 4ad5f3ac0..ee80daee0 100644 --- a/lib/vauth/krb5_sspi.c +++ b/lib/vauth/krb5_sspi.c @@ -150,9 +150,10 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data, memset(krb5->context, 0, sizeof(CtxtHandle)); } - else { + + if(chlg64 && strlen(chlg64)) { /* Decode the base-64 encoded challenge message */ - if(strlen(chlg64) && *chlg64 != '=') { + if(*chlg64 != '=') { result = Curl_base64_decode(chlg64, &chlg, &chlglen); if(result) return result; -- cgit v1.2.3